Skip to Content

Setting up Authentication for Cloud Portal using Cloud Identity – V

This blog is part of a series which is related to setting up Cloud Identity to authenticate Cloud Portal in different scenarios.

Setting up Authentication for Cloud Portal using Cloud Identity

Part 1 – Setting up SCI as IdP for a vendor facing Cloud Portal

Part 2 – Using Social Identity Providers to access Cloud Portal

Part 3 – Setup Self-registration form

Part 4 – Manage Cloud Portal Catalogs and roles

Part 5 – Mapping of groups between SCI and Cloud Portal

Part 6 – Setup 2FA for Cloud Portal access

In the previous blog, we saw how to create roles and assign them manually to users within the Cloud Portal.In real world scenario, it is unlikely that we would be adding each user to these custom HCP roles. Assume, if there are 1000’s of users and managing this assignment within the Cloud Portal configuration section would become cumbersome. In this blog, I am going to show how we can map users to groups and manage this more efficiently.

Creation of Groups in HCP Cockpit

When dealing with large user volumes, it is recommended to have groups to manage the user access. Navigate to the “Authorization” menu of the HCP cockpit and create two groups – Employee & Manager. Assign the respective HCP roles as shown below.


Creation of Groups in Cloud Identity

Login to SCI as an administrator click on “User Groups” tile


Navigate back to the “User Management” tile and edit the Employee User to assign this user to the newly created SCI User Group.


In the next blog, we shall see how to setup and use Two-Factor Authentication (2FA) in SCI to access the Cloud Portal.

You must be Logged on to comment or reply to a post.
  • Very good post. Just one comment. I have tested a similar scenario with a user assigned to two different groups. I have mapped the SCP groups to the SCI user groups using regular expression and it works fine.

    The is a curious detail. Although the SAML Assetion Attribute is called “groups” this is quite misleading. I have called the User API to display the values of the assertion attributes for the current user. Strangely, the field "groups" comes with only one group key although in SCI it has assigned two user groups. I expected this field to return the groups delimitted by a comma or something of that sort.

    • Hi Juan,

      Thanks. Can you please provide the details of the user API which you are using. If I try to query the SCI user details using https://<Cloud_Identity_Tenant>/service/scim/Users/<USER_ID> this shows me the list of all groups assigned to a particular user.